Re: [BUG] active ftp doesn't work since 2.6.9-rc1

From: Harald Welte
Date: Fri Oct 01 2004 - 08:26:23 EST

Next message: Alan Cox: "Re: patches inline in mail"
Previous message: Luke Kenneth Casson Leighton: "Re: making an in-memory hashing table ["name" -> ino_t] with thousands of entries"
In reply to: Vitezslav Samel: "[BUG] active ftp doesn't work since 2.6.9-rc1"
Next in thread: Harald Welte: "Re: [BUG] active ftp doesn't work since 2.6.9-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Oct 01, 2004 at 01:12:01PM +0200, Vitezslav Samel wrote:
> Hi!
>
> After upgrade to 2.6.9-rc3 on the firewall (with NAT), active ftp stopped
> working. The first kernel, which doesn't work is 2.6.9-rc1.
> Sympotms: passive ftp works O.K., active FTP doesn't open data stream (and in
> logs there entries about invalid packets - using
> iptables ... -m state --state INVALID -j LOG)

I just tried to reproduce the problem. Can you confirm the problem
disappears after executing

echo 1 > /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal

on your NAT box?

> Cheers,
> Vita Samel

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie

Attachment: signature.asc
Description: Digital signature

Next message: Alan Cox: "Re: patches inline in mail"
Previous message: Luke Kenneth Casson Leighton: "Re: making an in-memory hashing table ["name" -> ino_t] with thousands of entries"
In reply to: Vitezslav Samel: "[BUG] active ftp doesn't work since 2.6.9-rc1"
Next in thread: Harald Welte: "Re: [BUG] active ftp doesn't work since 2.6.9-rc1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]